Healthcare data breaches: a look into Verizon’s 2021 Data Breach investigations Report

In your opinion, what is the profile of actors behind data breaches in healthcare organizations today? What are their preferred tactics? If you think of both internal and external threat actor profiles and ransomware as the favored tactic from the financially motivated organized criminal groups, you are right! The Verizon 2021 Data Breach Investigations Report (DBIR) confirmed this in their research.

They weren’t alone in arriving at this conclusion, though! To do so, they compiled data from 83 different contributing security organizations. Atos shared its datasets with Verizon for this project, and we are happy to do our small part to help Verizon develop an accurate picture of today’s cybersecurity landscape. If you are looking for an overall summary of the report, head here, and if you are here to get insights into the healthcare threat landscape from the report, read on!

Why is healthcare under attack?

The healthcare cybersecurity landscape has changed over the past year. New threat actors have emerged, and their motives have changed.

Previously, most healthcare breaches were caused by internal actors. This year’s report shows a shift from internal to external threat actors, the latest representing 61%. Before 2019, most security incidents were due to human errors. Now, external threats are becoming more prominent and originating from financially motivated actors.

There’s a simple reason for this shift from internal accidents to financially motivated external actors -healthcare data is amongst the most expensive among all industries: the average price of health-related data can rise to $250 on the black market[1]. Moreover, cyber-attack tools are now easily accessible. During the pandemic, we saw coronavirus infection kit using java-based malware deployments sold online from $200 to $700.

The report also found another interesting fact in healthcare breaches - personal data is more compromised than medical data (66% vs. 55% in incidents). One of the reasons may be that medical information is more protected and leaves the floor to hackers to compromise personal data more easily as it is in reach. This highlights the importance of securing all sensitive data to keep it confidential.

Ransomware: an IT scourge for hospitals and life sciences companies

Verizon DBIR found that ransomware is one of the preferred tactics for external actors. Often propagated through phishing, ransomware locked out several healthcare IT systems in exchange for ransoms during the pandemic. Quite recently, it has been the case for the Irish health service that was targeted by advanced ransomware. The hospitals had to shut down their IT systems to prevent the attack from spreading, leading to the cancellation of many medical appointments at the height of its COVID-19 vaccination program. In another incident, the first death attributed to a ransomware attack occurred in 2020 in Germany. The patient’s hospital was compromised and had its operations shut down by a ransomware attack. The patient was being transferred to another hospital to continue treatment but died in transit.[2]

How can healthcare organizations stay safe from these deadly ransomware attacks?

Security awareness is a crucial element here. For instance, the healthcare workforce should be trained to recognize suspicious emails or links and avoid clicking them. But not everything should be on their shoulders: secure gateways, DNS queries monitoring, regular system updates… these are all part of an efficient security policy. Yet, there is no miraculous solution against ransomware. It becomes crucial to ensure healthcare organizations are prepared to respond quickly and effectively if they suffer a ransomware attack. Cyber recovery solutions should also be implemented to recover rapidly from an attack.

Internal Threats: the significance of human error in data breaches

We’ve talked a lot about external actors. However, according to the Verizon DBIR report, human errors remain one of the main reasons healthcare data is compromised. Misdelivery of documents being the most common error (36%), then publishing error and misconfiguration. As stated earlier, training is part of the solution but not the complete answer. The right security tools must support this.

Previously, most healthcare breaches were caused by internal actors. This year’s report shows a shift from internal to external threat actors.

To protect patients’ health information, here are five dimensions that should be used as a foundation according to the HIPAA guidelines:

  • Access control to restrict the access of data only to the authorized persons through identity & access management and public key infrastructure solutions
  • Audit control and activity monitoring in systems that use sensitive data
  • Data integrity solutions and procedures that certify data has not been altered or destroyed like digital signature
  • Authentication methods to ensure the person accessing data is the one claimed
  • Transmission security to protect data wherever it is (in motion or at rest) with encryption

Only with these key elements will medical and personal sensitive data be stored securely and used correctly.

To learn more and dig into the details, access your copy of Verizon's report.

More about Atos solutions for cybersecurity in healthcare: https://atos.net/en/industries/healthcare-life-sciences/cybersecurity-in-healthcare

Share this blog article


About Marjolaine Lombard
Cybersecurity Products Offering and Marketing Manager
Marjolaine Lombard is a cybersecurity product offering and marketing manager with a focus on the healthcare, telecom and media industries at Atos. Driven by creativity and commitment, she is promoting cloud security and digital workplace security offerings in an ever changing environment. She also works on content creation, digital marketing and events’ organization. Marjolaine has a master degree in project management and webmarketing at SKEMA Business School.

Follow or contact Marjolaine